CVE-2023-52904

MEDIUM

Linux Kernel 5.15.152-5.15.168 - NULL Pointer Dereference in snd_usb_pcm_has_fixed_rate

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate() The subs function argument may be NULL, so do not use it before the NULL check.

References (3)

Core 3

Core References

Patch

https://git.kernel.org/stable/c/f57204edc10760c935d8d36ea999dc8acf018030

Patch

https://git.kernel.org/stable/c/a474d4ad59cd4642d1b7e3a6c08cef9eca0992c8

Patch

https://git.kernel.org/stable/c/92a9c0ad86d47ff4cce899012e355c400f02cfb8

Scores

CVSS v3 5.5

EPSS 0.0026

EPSS Percentile 16.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (6)

linux/Kernel 5.15.152 - 5.15.168linux

Linux/Linux 291e9da91403e0e628d7692b5ed505100e7b7706 - 92a9c0ad86d47ff4cce899012e355c400f02cfb8

Linux/Linux 5.15.152 - 5.15.168

Linux/Linux bfd36b1d1869859af7ba94dc95ec05e74f40d0b7 - f57204edc10760c935d8d36ea999dc8acf018030

Linux/Linux e1e0a181aea375edfae2f9a59070f95d904980d1 - a474d4ad59cd4642d1b7e3a6c08cef9eca0992c8

linux/linux_kernel

Published Aug 21, 2024

Tracked Since Feb 18, 2026